package com.zhangyj.security;

import java.sql.SQLException;

import com.zhangyj.LocalMessage;
import com.zhangyj.dao.DaoManager;
import com.zhangyj.dao.RoleDao;

public class BaseAuthemtication implements IAuthentication {

	
	public void validate(int userid, Permission per) throws AuthenticationException {
		try {
			int actions = getActions(userid, per.getFuncId());
			if ((actions & per.getAction()) != per.getAction()) {
				throw new AuthenticationException(LocalMessage.get("func.error.validate"));
			}
		} catch (SQLException e) {
			throw new AuthenticationException("你无权使用该功能!");
		}
	}

	public int getActions(int userId, int functionId) throws SQLException {
		return DaoManager.getDao(RoleDao.class).getActions(userId,functionId);
	}
}
